Sigh. You don't have to use this. Large companies that want super tailored DDoS protection can. Everyone else can just use our standard DDoS protection which is included with every plan and works: https://blog.cloudflare.com/26m-rps-ddos/
Not commenting on this particular case, but I know in smaller dev shops that time spent working on one feature is directly taken away from time spent on other things, and so if the new feature isn't useful to you, it has also taken fixing and dev time away from ones that might be. I also suspect that many people have seen the trajectory where apps get more and more features and don't focus on their core competency.
Again, I don't believe this is the case here, but it might generally explain the phenomena/misplaced snark.
Of course I'm not using it myself. But the other half of that problem is that this will inevitably be another way that cloudflare breaks my experience as a user and I can't opt out of that.
I am running quite a different browser setup from most regular web users.
I am using Firefox with multi-account containers and uBlock Origin enabled, and I also have an OpenVPN client running, the amount of captchas and distrust I receive from Cloudflare (and their customers, unknowingly I suppose) feels disproportionate.
It's funny to me that these companies most likely spends a lot of time and energy on how to optimize their websites and purchase flows, and they might not know how often Cloudflare puts up barriers and destroy their hard work.
I see a lot of sites (including those behind Cloudflare) being blocked when using Cloudfare's Warp VPN. 403s, captchas, etc.
It would be nice if Cloudflare could put abuse control measures on the front-side, and stop the abuse before allowing it to exit their VPN. E.g., if Cloudflare detects abuse with their existing anti-DDoS, anti-scraping, etc. measures, and the client is on Warp, instead of creating a poor experience for every other Warp user sharing that exit IP, just block/aggressively throttle the bad actor's traffic at the VPN terminator.
They have struggled with credential stuffing, captchas were the only way to stop our login pages from being bombarded at one time. They are getting better with it though but I would rather not lose a tool of last resort.